CVE-2026-22792

EUVD-2026-3778

21.01.2026, 21:16

5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Prior to version 0.15.3, an unsafe HTML rendering permits untrusted HTML (including on* event attributes) to execute in the renderer context. An attacker can inject an `<img onerror=...>` payload to run arbitrary JavaScript in the renderer, which can call exposed bridge APIs such as `window.bridge.mcpServersManager.createServer`. This enables unauthorized creation of MCP servers and lead to remote command execution. Version 0.15.3 fixes the issue.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	9.6 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
GitHub_M	CNA	9.7 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 48%

Affected Products (NVD)

Vendor	Product	Version
5ire	5ire	𝑥 < 0.15.3

𝑥

= Vulnerable software versions

Known Exploits!

https://github.com/nanbingxyz/5ire/security/advisories/GHSA-p5fm-wm8g-rffx

Common Weakness Enumeration

CWE-116 - Improper Encoding or Escaping of Output
The software prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved.

References

https://github.com/nanbingxyz/5ire/releases/tag/v0.15.3

https://github.com/nanbingxyz/5ire/security/advisories/GHSA-p5fm-wm8g-rffx